Vulnerabilities > Zend > Zendto > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2020-8985 Cross-site Scripting vulnerability in Zend Zendto
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
network
low complexity
zend CWE-79
8.8
2020-03-24 CVE-2020-8984 Origin Validation Error vulnerability in Zend Zendto
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.
network
low complexity
zend CWE-346
7.5